On Tue, Dec 11, 2018 at 10:04:34AM +0100, Kashyap Chamarthy wrote:
On Mon, Dec 10, 2018 at 04:53:27PM +0000, Daniel P. Berrangé wrote:
> The virt-pki-validate tool is extracting components in the x509
> certificate Subject field. Unfortunately the regex it is is using is far
> too strict, and so truncating valid data. It needs to consider ',' as a
> field separator, and if that's not there take all data until the EOL.
[...]
> ---
> tools/virt-pki-validate.in | 8 ++++----
> 1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
> index b04680ddef..c3fadbba64 100755
> --- a/tools/virt-pki-validate.in
> +++ b/tools/virt-pki-validate.in
> @@ -201,14 +201,14 @@ then
> echo Client certificate $LIBVIRT/clientcert.pem should be world readable
> echo "as root do: chown root:root $LIBVIRT/clientcert.pem ; chmod 644
$LIBVIRT/clientcert.pem"
> else
> - S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem"
| grep Subject: | sed 's+.*O=\([a-zA-Z \._-]*\).*+\1+'`
> + S_ORG=`"$CERTOOL" -i --infile "$LIBVIRT/clientcert.pem"
| grep Subject: | sed 's+.*O=\([^,]*\).*+\1+'`
Unrelated to this patch, nit-pick: s/S_ORG/C_ORG/ here? Because we use
'S_ORG' further below in the script for server certificate.
Yes, that's a harmless mistake but i'll push a trivial patch to rename
it.
Regards,
Daniel
--
|:
https://berrange.com -o-
https://www.flickr.com/photos/dberrange :|
|:
https://libvirt.org -o-
https://fstop138.berrange.com :|
|:
https://entangle-photo.org -o-
https://www.instagram.com/dberrange :|